The present disclosure relates to computer security, and more specifically, to providing environmental security controls to prevent unauthorized access to files, programs, and objects.
Conventional operating systems may deploy a discretionary or mandatory access control security system. However, such systems cannot prevent a root level user (e.g., a security officer or administrator) from accessing data or applications, given that this user has full authority over every file, program, and object on the system. Thus, if a user gains access to the system and then gains root level privileges, this user has full access to every file, program, and object on the system. This leaves all sensitive data at risk both from users who legitimately hold a root level user ID and from any user who gains root level privilege.
Conventional techniques to add security on top of the operating system and/or system microcode do not provide acceptable solutions. For example, techniques to prevent the use of certain interfaces used to access data on the system may add “exit” related programs that analyze the run-time environment and prevent access. An example of such an exit program tests the Internet Protocol (IP) address of the user attempting access and then either allows or prevents this user from accessing the file. Another example of an exit program analyzes the time of day to allow access between 8:00 a.m. and 5:00 p.m., but disallow accesses attempted outside of this time range. However, these techniques can easily be defeated by a root level user. For example, the root level user can remove the exit programs that are controlling access, or change the parameters being checked (such as allowing access from 5:00 p.m. to 8:00 a.m.). In addition, systems that enforce mandatory access control security assign a classification to each data file, such as “top secret,” which can only be accessed by a user with the corresponding “top secret” clearance. Such security fails if a user without the required clearance is able to gain access to a user account with the required clearance, as such accounts are allowed to create new users or change classification values (e.g., re-classify a “top secret” file to “unsecured”).
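The two controls described above can be made concrete with a small added example, which is not part of the disclosure and not the applicant's code. It implements an exit-program style gate (source IP address test plus time-of-day window) and a mandatory access control clearance check. The policy object, the network ranges, the clearance ordering and every address or label used are constructed for the example. The point worth noticing is that both controls reduce to comparisons against ordinary data (the policy parameters and the file's classification label); whoever has authority to edit that data, as a root level user does, changes the outcome of the check without touching the check itself.

```python
"""Added example (not from the disclosure): an exit-program style access gate
and a mandatory-access-control clearance check. Policy values, networks and
labels below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Ordered classification levels for the MAC check (constructed ordering).
LEVELS = {"unsecured": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass
class ExitPolicy:
    """Parameters an exit program consults. This is plain configuration data:
    a user with authority over it (e.g. root) can rewrite the window or the
    network list and the check below will faithfully enforce the new values."""
    allowed_networks: list = field(default_factory=list)   # CIDR strings
    window_start: time = time(8, 0)                        # 8:00 a.m.
    window_end: time = time(17, 0)                         # 5:00 p.m.


def exit_program_check(policy, client_ip, now):
    """Return (allowed, reason). Mirrors the two exit programs in the text:
    a source-address test and a time-of-day test; both must pass.
    `now` may be a datetime or an ISO 8601 string."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    addr = ip_address(client_ip)
    if not any(addr in ip_network(net) for net in policy.allowed_networks):
        return False, f"address {client_ip} not in allowed networks"
    if not (policy.window_start <= now.time() < policy.window_end):
        return False, (f"access at {now.time()} is outside "
                       f"{policy.window_start}-{policy.window_end}")
    return True, "ok"


def mac_check(user_clearance, file_classification):
    """Mandatory access control: read allowed only when the user's clearance
    dominates the file's classification. Unknown labels raise rather than
    defaulting to allow."""
    try:
        return LEVELS[user_clearance] >= LEVELS[file_classification]
    except KeyError as missing:
        raise ValueError(f"unknown label {missing}") from None


if __name__ == "__main__":
    policy = ExitPolicy(allowed_networks=["10.0.0.0/8"])  # constructed range
    print(exit_program_check(policy, "10.1.2.3", "2024-01-01T09:00"))
    print(exit_program_check(policy, "10.1.2.3", "2024-01-01T18:00"))
    print(exit_program_check(policy, "192.0.2.7", "2024-01-01T09:00"))
    # The same file under two labels: re-labelling alone flips the decision.
    print(mac_check("confidential", "top secret"))
    print(mac_check("confidential", "unsecured"))
```

Because the check enforces whatever values the policy holds, editing `window_start`/`window_end` or the classification table has the same effect as removing the exit program; that is the weakness the disclosure sets out to address.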